IoT Devices & Administration Pages
One thing internet-of-things devices typically have in common is a lack of focus on security. Convenience is often more important, so details like ensuring the administration page for a device is secure may seem like an afterthought to some developers. As a result, it's common to see these devices appear on Nmap searches with insecure ports open. Even worse, some of these devices are designed to be exposed directly to the internet rather than just the internal network.
On security cameras, this problem is made much worse if the camera also hosts an insecure webpage where the owner can watch video play directly from the camera. If this is the case, anyone else who knows the Wi-Fi password can see exactly what the target is watching on the security camera. Because most businesses or homes with a camera have a monitor set up to view the camera, this can be a real concern for users with weak passwords or others sharing the network.
No comments